I have been working on a WOPI solution and have recently seen some weird behavior where the wdl* query parameters are getting injected into the middle of the call back URL.
In the network tab of the F12 developer tools I see the following request
https://office.live.com/start/Word.aspx?h4b={Company Name and Product}&c4b=2&eurl=https://{Server}/#/microsoft-office/123073&hp=6sW5SZo+fQ4SiPRE+M3+XzLmJ9KpwpvL5xYrse8+zPY=
Which results in a 302 redirect. The issue is the location header has the following URL.
https://{Server}/?wdlcs=gY4CMRNo7lOyF6Xi7B7I3Y1fPBiRf8klKh/cwfOZkOQ=&wdlcsexp=637618892956193570#/microsoft-office/123073
As you can see the two wdl query parameter were injected into the middle of the callback url.
I did notice that is appears that they were injected right before the "#" in the callback URL. However I have not been able to find any documentation that says that the "#" is unsupported.
This is a known bug in the MS WOPI implementation that is unresolved at the moment. It was scheduled for fixing early January 2022, but the status of the fix is currently unknown.